Remove protocol restriction for SRV records in cloudflare_dns module. Fixes #36708 #36709
Conversation
ansibot
added
bugfix_pull_request
community_review
Akasurde
removed
the
needs_triage
| @@ -44,7 +44,7 @@ | |||
| proto: | |||
| description: Service protocol. Required for C(type=SRV) | |||
| required: false | |||
| choices: [ 'tcp', 'udp' ] | |||
| choices: [ 'tcp', 'udp', 'tls' ] | |||
There was a problem hiding this comment.
Could you please mention like this in description
option 'tls' is added version 2.6
DennisGlindhart
force-pushed
the
cloudflare-srvtls
branch
from
58fafc5
to
33d2306
Compare
|
Ok, up until now I had simply assumed that tcp and udp were the only two allowed values for the SRV record protocol field. Yet, taking a closer look at RFC 2782 those two protocols are simply listed as "at present the most useful values for this field". Likewise CloudFlare appear to accept all kinds of values in the protocol position, not simply tcp, udp, and tls. @DennisGlindhart Is there any specific and/or common use case for naming the tls protocol in SRV records? That is, does it make the most sense to explicit add tls as an allowed parameter value, or does it make more sense to fully remove the present restrictions? |
|
@andreaso According to RFC 2782 all kinds of values are allowed, yes. Although, using the Cloudflare Admin-UI in the browser, it seems that only tcp, udp and tls are possible to create in CF. It might be worth investigating whether or not CF allows for other types when using the API instead. If CF really does support arbitrary values, I think it would make sense to remove the restriction completely. I'll try to investigate further and adjust PR accordingly. |
|
Using the API (or more specifically, by using a locally modified cloudflare_dns module) I managed to create a SRV record with the made-up zebra protocol. On the other hand, there is a benefit in keeping a restrictive parameter list, as it makes it easier to use the module properly. Especially since it's to my knowledge is very unusual for people to need SRV records for arbitrary protocols. Hence back to my original question, what's the use case for the tls protocol in this context? |
|
@andreaso Yep - I was also able to create some "random" protocol via the API. So TL;DR: Cloudflare API allows us to follow the RFC and use arbitrary protocol. Although tcp, udp and tls are probably enough for 99% of users, there are valid scenarios for other protocols as well. (Maybe we will soon see more protocols used (i.e SCTP or DCCP) when NAT is more or less going away with IPv6 currently preventing use of other protocols than TCP and UDP) I don't think removing the restriction makes the module that much harder to use, and following the standard is more important when we have the possibility. We can write the "normal" values (tcp & udp) in the description. I think people using this module will mostly be copying the values from some reference (like the link above) - or alternatively - know what they are doing. I'm thinking of just remove the restrictions then - Agree? |
|
Thanks for helping me sort out what is what here! At this point I can see the merit with both approaches, and I'll be willing to approve whichever one you choose to move forward with in this pull request. |
DennisGlindhart
force-pushed
the
cloudflare-srvtls
branch
from
33d2306
to
941bee4
Compare
DennisGlindhart
changed the title
|
I have now removed the restriction altogether so we follow the RFC. I've also "rebased" / removed my previous commits (adding tls) so this is one clean commit and changed the title of the PR to be more correct. I think this should be ready for merge now. Thanks for all your help! cc @andreaso |
| @@ -42,9 +42,8 @@ | |||
| required: false | |||
| default: "1" | |||
| proto: | |||
| description: Service protocol. Required for C(type=SRV) | |||
| description: Service protocol. Required for C(type=SRV). Common values are tcp and udp. (Before Ansible 2.6 only tcp and udp were available) | |||
| @@ -42,9 +42,8 @@ | |||
| required: false | |||
| default: "1" | |||
| proto: | |||
| description: Service protocol. Required for C(type=SRV) | |||
| description: Service protocol. Required for C(type=SRV). Common values are tcp and udp. (Before Ansible 2.6 only tcp and udp were available) | |||
There was a problem hiding this comment.
Also, add this note is CHANGELOG.md telling end-user about this.
ansibot
added
needs_revision
DennisGlindhart
force-pushed
the
cloudflare-srvtls
branch
from
941bee4
to
ea0d2fd
Compare
ansibot
added
the
support:core
|
shipit |
|
@Akasurde: Happy as well? |
ansibot
added
bug
|
@Akasurde I adjusted according to your review/change requests and pushed a new commit replacing the existing one with the intention to to keep history simple, but the automated bot/checks does not seem to have picked up the change (maybe because it wasn't a new commit on top of the existing one). |
ansibot
added
stale_ci
ansibot
added
core_review
|
As a general rule DNS names are compared without considering case. When it comes to SRV records RFC 2782 explicitly states that "The Proto is case insensitive." |
|
Thanks for confirming |
ansibot
removed
the
stale_ci
|
rebuild_merge |
|
@DennisGlindhart @andreaso @gundalow Thanks for contribution. |
SUMMARY
Remove protocol restriction for SRV records in cloudflare_dns module. Fixes #36708
ISSUE TYPE
COMPONENT NAME
cloudflare_dns
ANSIBLE VERSION